back to article Bruce Schneier: We're sleepwalking towards digital disaster and are too dumb to stop

Security guru Bruce Schneier has issued a stark warning to the RSA 2016 conference – get smart or face a whole world of trouble. The level of interconnectedness of the world's technology is increasing daily, he said, and is becoming a world-sized web – which he acknowledged was a horrible term – made up of sensors, distributed …

  1. Anonymous Coward
    Anonymous Coward

    It's gonna be difficult...

    ...telling people that they can't have a cheap internet connected aircon.

    "I do not believe regulators alone are up to the task – we all need to get involved."

    That isn't going to work. Whilst a few people and companies who understand it will get together, there will always be those retailers and importers who don't give a damn and will sell the cheapest what-not anyway, thinking that it'll never be their problem. And because we have 'free trade' there's not a lot anyone can do about it.

    It needs a serious re-think of the whole thing (trade, network design, identity management, regulations).

    The only thing that can actually force an improvement in the situation is changes in the laws. But laws only come about as a result of legislators getting their act together on this matter. They don't really understand the problem (not their fault, not many of them have engineering backgrounds), and it will only be after some severe event that they will be fully motivated to act.

    It's one thing to get some research money out of the government, but it's a whole other thing to persuade them to ban importation of non-compliant goods from abroad, decide what 'compliant' means anyway, throw away large chunks of the Internet as we know it, implant all the world's people with ID chips at birth and mandate basic system designs rules.

    1. Anonymous Coward
      Anonymous Coward

      Re: It's gonna be difficult...

      A number of UK eBay suppliers sell wireless door chimes that are on 315mhz rather than 433mhz. IIRC the former is not a legal use in the UK.

      1. harmjschoonhoven
        Headmaster

        Re: It's gonna be difficult...

        A number of UK eBay suppliers sell wireless door chimes that are on 315mhz MHz rather than 433mhz MHz. IIRC the former is not a legal use in the UK.

        FTFY.

    2. Anonymous Coward
      Anonymous Coward

      @AC - Re: It's gonna be difficult...

      Actually those retailers and importers are right, it's not their problem. They're doing business, they're not a charity to care for something that is non-profit related.

      1. bazza Silver badge

        Re: @AC - It's gonna be difficult...

        "Actually those retailers and importers are right, it's not their problem. They're doing business, they're not a charity to care for something that is non-profit related."

        Er, it is their problem if they get caught doing it. The trouble is that the trade arrangements we have these days assume that manufacturers and traders are trustworthy, but there's very little going on to check up on them. With no real chance of being caught, the greedier types get away with it. A CE badge is meant to mean something but in practice it doesn't.

        Looking at the debacle over hoverboards one wonders whether anyone anywhere cares about product standards compliance at all.

        1. Measurer

          Re: @AC - It's gonna be difficult...

          I do.... (the poor Machinery electrical engineer whimpers from under the weighty tomes of EN 13849-1, EN 62061 and EN 61508).

    3. gnufrontier

      Re: It's gonna be difficult...

      Laws do not protect you from law breakers and there is a certain percentage of those based on population size when things are going well and a larger percentage when things are going not so well.

      One may as well be sacrificing virgins to the moon god for all the good laws are going to do for you.

      Why is that the belief persists that a rule written on a piece of paper has some kind of magic power over all human beings ? We are talking about rules written by humans here and not some narrative about an omniscient and omnipotent being that hands out rules written on stone which aren't followed either by the way.

      If that is what you are wrapping yourself in to keep out the chill then be prepared to shiver under that ragged blanket.

      1. Anonymous Coward
        Anonymous Coward

        Re: It's gonna be difficult...

        "Why is that the belief persists that a rule written on a piece of paper has some kind of magic power over all human beings ? We are talking about rules written by humans here and not some narrative about an omniscient and omnipotent being that hands out rules written on stone which aren't followed either by the way."

        Because, in case you didn't know, there's people whose job it is to prevent bad things happening. They're called the Police.

        There's whole laws with words like "conspiracy to commit" in them. They are there so that if a jury is sure that the evidence indicates that an individual was planning an illegal act, they can be locked up before they do it, not afterwards.

        If you don't have laws like that you'd have the absurd situation where it would be illegal to prevent someone carry out a burglary, terrorist attack, fraud, etc.

      2. Nigel 11

        Re: It's gonna be difficult...

        Laws do not protect you from law breakers

        Depends on what sort of laws.

        Laws that criminalize (say) ignoring safety and financial regulations will work, if the penalty is stiff enough. Nobody in VW would have authorized the cheat devices if the penalty once discovered was certain to be jail time. Bankers would probably not have created the recent financial crisis, if the penalty would have involved sequestration of all personal wealth howsoever acquired on top of certain jail time. They saw it as "heads I win, tails you lose" and in many cases they were not actually breaking the then-existing law, just working in dark grey zones of arguable legality but total amorality.

        And of course, laws and regulations that impose safety or financial regulations are in general followed by the law-abiding majority, at least if people can see that there is a modicum of sense behind them. So company accounts are audited, electrical products and cars are rarely unsafe, food no longer contains untested and undisclosed additives.

        In case you are bristling about unwarranted regulations, there needs to be a mechanism for striking down regulations that have outlived their usefulness (and a lot of EU nonsense that had no useful purpose in the first place. In what way will reducing the maximum power of a kettle save energy? The amount of energy needed to raise the temperature of a litre of water from A to B is a physical constant. Worse, if it takes longer to boil, more energy will leak out of the kettle. Idiots! )

        1. Richard Simpson

          Re: It's gonna be difficult...

          Can you explain exactly where you saw the regulation about reducing the power of kettles. An actual link would be useful. Last time (it was about a year ago) there was an EU study into proposed energy saving measures I took the trouble to look at the bit about kettles. It proposed two solutions:

          1) Better insulation.

          2) Far more effective 'auto switch off when it boils' mechanism that work promptly when the kettle is new and don't get steadily less effective as it ages.

          Both struck me as being quite sensible. Of course, you are going to ask me for a link to the study I am referencing and that could take a while to find.

      3. Anonymous Blowhard

        Re: It's gonna be difficult...

        "Laws do not protect you from law breakers"

        No they are intended to establish a framework for society to get on with things.

        I think the legal context that's being discussed here isn't the "make hacking illegal" type of law, it's more like "make system suppliers more liable for their products so they'll make them better".

        We already do this with lots of safety critical equipment containing software (cars, planes ships etc.) so there's no reason we can't legislate for certain kinds of systems to follow similar guidelines.

        OK, as an example, you might put the price of electricity up by a small amount, but you'd be doing this with the aim of making the electricity supply more robust.

        Also, if this is a defence issue, then divert part of the defence budget to securing critical systems; maybe spend less on spying on the public in a vain attempt to anticipate an attack, and spend more on securing systems so an attack is harder to accomplish and can do less real-world damage.

      4. Kurt Meyer

        Re: It's gonna be difficult...

        @gnufrontier

        I'll confess that I completely failed to spot your suggested alternative.

      5. Anonymous Coward
        Anonymous Coward

        Re: It's gonna be difficult...

        "One may as well be sacrificing virgins to the moon god for all the good laws are going to do for you."

        Law creates the concepts of 'property' and 'ownership' which have some advantages in terms of encouraging sustained activity towards long-term goals.

        In other words: you won't get much done if you spend all your time protecting what you fondly imagine to be 'yours'.

        1. Triggerfish

          Re: It's gonna be difficult... 315Mhz

          Hi just curious what is 315Mhz used for? Did have a google but could not see anything quickly that explained it.

          Did find an interesting thread though about cheap firing systems for fireworks on a UK forum from ebay that also use 315Mhz. Does that mean there are going to be some surprised* people in November.

          *possibly briefly

      6. Paul 195

        Re: It's gonna be difficult...

        "Laws do not protect you from lawbreakers"? The laws on their own might not, but you back those laws up with enforcement, so that they are more than just rules written on a piece of paper. If you are sure laws make no difference, try living somewhere like Somalia where government has effectively broken down. Good legislation (yes, there is bad legislation too) demonstrably makes our lives safer and better. And we aren't just talking about protection from criminals, legislation on things like safety standards clearly protects everyone by making it possible to take dangerous products off the market and fine the people selling them. This model has been working reasonably well for a long time now, and is one reason why you stand a good chance of not being electrocuted by your toaster.

    4. John H Woods Silver badge

      Re: It's gonna be difficult...

      AC says: "not their fault, not many of them have engineering backgrounds"

      Sorry but I disagree entirely. Most engineers, if tasked with learning relevant parts of national law; company procedures; business modelling; or technology currently outwith our experience, would simply settle down to learn what they could about it. Where they still didn't understand, they would identify someone who could advise, and ask them.

      Nobody is asking legislators to know about Yagi antennas, microwave propagation, packet level protocols, database schemas, etc. Not having an engineering background must not be considered a be-all-and-end-all excuse for refusing to come to grips with matters for which one is responsible. We expect legislators to be able to consider medicolegal affairs without having a medical (or legal) background; social affairs without psychological qualifications; transport and infrastructure without civil engineering knowledge.

      It is perfectly reasonable to expect legislators to be able to learn, to be able to consult, to be able to listen. The apparent fact that many of them can't means that they are unfit for their roles; no excuses.

      PS: and yes, I would say the same applies to managers.

  2. Destroy All Monsters Silver badge
    Holmes

    Vernor Vinge wrote about this

    Takeover of crappy IoT civilization from orbiting alien spaceship via leet haxx.

    No problemo!

    1. Rich 11 Silver badge

      Re: Vernor Vinge wrote about this

      And presumably the aliens will use their equivalent of a Mac to do so.

      1. DropBear

        Re: Vernor Vinge wrote about this

        "And presumably the aliens will use their equivalent of a Mac to do so."

        They'll use whatever they have at hand - historical documents like Independence Day taught us that viruses (and animated GIFs) transcend petty, fluffy stuff like hardware architectures and instructions sets. You could easily hack a Nest if you wanted with nothing but an alien comm badge, surely...

  3. Scoular

    Do governments care anyway

    Or are they likely to be happy to have another way to gather information on their own people whilst also exposing them to attack by others. Politicians are woefully ignorant and happy to stay that way as it lets them hold absurd beliefs comfortably.

    I suspect governments want systems as leaky as possible in the belief that if they only have a little more information all problems will be solved. Those iPhones for example.

  4. Salts

    Hmmm...

    UK Politicians please take note

    "Historically we are bad at defending against threats and very good at panicking about them," he said. "Panic is more dangerous to liberty than the threats themselves."

    1. Destroy All Monsters Silver badge

      Re: Hmmm...

      Those "panics" are generally skillfully engineered.

      1. Anonymous Coward
        Anonymous Coward

        Re: Hmmm...

        Those "panics" are generally skillfully engineered.

        Given the (thankfully) low rate of successful terrorist attacks in the UK, exactly what 'panics' are you referring to?

        If you're referring to the new snooper's charter, you could hardly accuse them of putting it to Parliament in the teeth of a mass panic. Fortunately there isn't one happening at the moment. At least they're asking MPs to consider (if only briefly) the matter with clear-ish heads instead of exploiting the inevitable reactionism that would prevail in the aftermath of an atrocity such as Paris suffered recently.

        1. Graham Marsden

          @AC - Re: Hmmm...

          > exactly what 'panics' are you referring to?

          The sort being engineered by the Sir Humphreys of this world.

          Damnit, man, don't you know we're facing Padeo/Terror/Drug/Crime-ageddon and the only way to deal with them is to snoop on everyone's internet activity!

          1. Anonymous Coward
            Anonymous Coward

            Re: @AC - Hmmm...

            "The sort being engineered by the Sir Humphreys of this world.

            Damnit, man, don't you know we're facing Padeo/Terror/Drug/Crime-ageddon and the only way to deal with them is to snoop on everyone's internet activity!"

            I'm not sure how much of a 'geddon it is yet, but I think we'd all prefer there to be less of that kind of thing going on.

            Besides, if they're beginning to panic over it then maybe we should start worrying... Sir Humphrey probably has a T shirt with "if you see me running for the hills, try to keep up" on the back.

            1. Charlie Clark Silver badge
              FAIL

              Re: @AC - Hmmm...

              I'm not sure how much of a 'geddon it is yet, but I think we'd all prefer there to be less of that kind of thing going on.

              This is straight from the major! Where's the Monty Python icon?

              10 points to your team for demonstrating an appropriate response to engineered panic! Have a copy of the Brass Eye Paedophilia Special for your troubles. Better order some filing cabinets for your kids!

            2. dajames

              Re: @AC - Hmmm...

              Sir Humphrey probably has a T shirt with "if you see me running for the hills, try to keep up" on the back.

              Sir Humphrey in a T shirt? That certainly could be taken as a sign of the end of civilization as we know it!

          2. KeithR

            Re: @AC - Hmmm...

            "The sort being engineered by the Sir Humphreys of this world.

            Damnit, man, don't you know we're facing Padeo/Terror/Drug/Crime-ageddon and the only way to deal with them is to snoop on everyone's internet activity!"

            You seem to be confusing Civil Servants with the Daily Mail.

            They're not the same.

            1. Graham Marsden

              @KeithR - Re: @AC - Hmmm...

              > You seem to be confusing Civil Servants with the Daily Mail. They're not the same.

              No, but the DM et al can be counted on to uncritically repeat press releases or stories from "sources" and add their own -ageddon spin to them...

            2. Anonymous Coward
              Flame

              Re: @AC - Hmmm...

              No, the Senior Civil Service is to a man (v few women) Daily Mailites

        2. Eddy Ito

          Re: Hmmm...

          exactly what 'panics' are you referring to?

          Now there's a problem. People don't even know when they're supposed to panic even after we've put all these fancy schemes in place. I mean it's right there at the top right corner of the page. Let me save you the time "Current UK threat level: SEVERE". Those of us on the other side of the pond it's here and enjoy your "Elevated Condition (Yellow)" day.

          Perhaps we'll have to have a nice talk with the two agencies about instituting a nice 300x100 animated GIF that flashes the days threat level. Yes, that'll be much better.

        3. Anonymous Coward
          Anonymous Coward

          Re: you could hardly accuse them of putting it to Parliament in the teeth of a mass panic

          No. But you could easily accuse them of putting it to parliament whilst the government is in the throes of a euro-sceptic split, large proportions of the press are claiming that economic migrants are after our jobs and a mentalist is heading towards the white house. They've definitely tried to minimise the amount of scrutiny it's getting....

      2. Anonymous Coward
        Anonymous Coward

        Re: Hmmm...

        See: disaster capitalism

      3. Anonymous Coward
        Anonymous Coward

        Re: Hmmm...

        No, they are not. They are not so skillful. But they are good at exploiting situations.

      4. amanfromMars 1 Silver badge

        Hmmm... Sow the Seed, Reap the Whirlwind?

        Those "panics" are generally skillfully engineered. .... DestroyAllMonsters

        Ideally be they skilfully engineered, DAM, but generally they be nothing short of a catastrophe in planning/foresight and afterthought ........ http://www.zerohedge.com/news/2016-03-02/striking-admission-former-bank-england-head-european-depression-was-deliberate-act

        And to imagine and realise that media and governments hang on to and laud their every uttered word as if scared and gospel, tells you everything you need to know about the depth and spread of the absurdity and insanity.

        Madness and mayhem is the norm in their shell end game and it is beautifully destroying them at an exponential rate these cloudy days, and there is nothing to be done about it with Remote IT Command and Virtual Space Control without Creative Cyber Command and AI Control in Virtual Machine Systems ....... and quite whether such is to be made readily available to corrupt and perverted systems to save such systems admins and exclusive executive elites is ...... well, at least a gazillion dollar question, for it will be expensive and not at all cheap.

  5. asdf

    bravo

    >"Historically we are bad at defending against threats and very good at panicking about them," he said. "Panic is more dangerous to liberty than the threats themselves."

    I tend to think of Bruce more as a hack but bravo for saying this. Of course IIRC Heinlein said something similar many decades ago but that is remarkably often the case. Also calls to mind that asshat of the first order Tommy Franks saying if we had another terrorist attack we might have to get rid of the constitution.

    1. Lapun Mankimasta

      Re: another terrorist attack we might have to get rid of the constitution

      So? If I don't get the milk on my cornflakes exactly the right temperature and colour, we WILL have to get rid of the constipation - oops, I meant constitution. Terrorist attacks are nothing compared to getting milk on cornflakes exactly right. Even Silicone Valley agrees - a decade ago there was an ad on Slashdot with a couple of Silicone Valleyites complaining about "Warm Balls" - oops, that's meant to read "Warm Bawls" ... truly tragic, judging from their expressions!

    2. Charlie Clark Silver badge

      Re: bravo

      And Benjamin Franklin said "He who would trade liberty for some temporary security, deserves neither liberty nor security".

      I'm sure Cicero and Socrates said something similar. And yet…

      1. DropBear
        Facepalm

        Re: bravo

        "And Benjamin Franklin said..."

        Heeeeey, that was supposed to be a warning, not a sentence...!

  6. allthecoolshortnamesweretaken

    "...and it will only be after some severe event that they will be fully motivated to act..."

    As usual, because sadly such is human nature. Every safety regulation, every law, etc. was written because at one point something went wrong and did so with a large enough impact to provoke a something-must-be-done-about-it reaction.

    So, what will be the event that will wake up enough people to this problem?

    1. asdf

      Hacks aside at some point we are due for another Carrington event and if it seriously screwed up 1860ish technology it will screw us over like no rogue nation can. Its is already possible for our electrical grid to be shutdown for up to 18 months (by destroying right infrastructure). The lights being on are not as certain a thing as the sun rising like some may believe.

      1. Sir Runcible Spoon
        Black Helicopters

        If we assume that nothing will happen until there is a disaster, and that legislation will be rushed through with all sorts of unintended* consequences, then perhaps the sensible thing to do would be to draft up some legislation now and present it to the knee-jerkers later.

        Of course, that this has already happened should tell you a lot about the power behind the throne.

        *yeah, right.

      2. Nigel 11

        we are due for another Carrington event and if it seriously screwed up 1860ish technology it will screw us over like no rogue nation can.

        Wrong.

        The threat is that a Carrington event induces what is effectively a high-power DC signal in transmission lines. It's worst for long ones, over 100km, with low impedance.

        Back then data-transmission used copper wire and DC coupling to make a telegraph. The wires glowed erd-hot and shocked the operators and in places burned out. Today, long-distance datacomms is optical fibre. Telephone wires are rarely if ever long enough to get affected and I don't think a telephone offers a low-impedance path these days. Things have moved on since the days of bakelite boxes with electromechanical ringers.

        The greater threat is to the power grid which is intended to carry 50 or 60 Hz AC. The power transformers through which it is coupled cannot cope with high power DC inputs and might burst into flames. Back in the 1950s we were terribly vulnerable(*) because the threat was not well known and there would have neen absolutely no advance warning.

        Today, we have satellites watching the sun and so electricity utilities have an early-warning system. (about 15 minutes, but a lot better than nothing). Also the threat is understood and I hope that there are last-resort protection systems in place on the transformers connecting the long grid cables to monitor DC currents and internal temperature, that will disconnect from the grid if necessary to save the transformer.

        So the result ought to be somewhere between a controlled shutdown of the national grids, and a cascading power failure caused by automatic protection systems triggering in an unplanned manner. A blackout is no fun, but it has happened several times (for other reasons such as carbonized squirrels) on the USA Eastern seaboard. Civilisation didn't collapse. A few hours to a day later when the event is over, they'll reconnect the grid to the power stations.

        Move on a couple more decades, and the long-distance AC electricity grid will start to go the same way as the telegraph. It's more efficient to transmit power as high-voltage DC, and the technology of AC-DC-AC conversion is rapidly falling in cost. What was once impossible, then too expensive to use except on submarine grid links, will soon become the norm for any long-distance grid link. With a DC link, a Carrington event would just either add or subtract a small amount of energy compared to what is being transmitted. There would then no longer be a need to create a short-term blackout to save civilisation.

        (*) I'd speculate, not actually on the edge of losing 20th century civilisation. The big transformers would have different times to catastrophic failure. As soon as the first one or two exploded all hell would have broken loose with the AC power they were transmitting, and ordinary AC overload protection systems would have cut in creating a cascade failure blackout but saving enough of the grid for life to go on fairly normally th next day. I'm glad it was never put to the test, though!

        1. Anonymous Coward
          Anonymous Coward

          Or we could just really worry about a nearby (ish) magnetar.....

          1. asdf

            Actually the next thing to really fug over the US will probably be Mount Rainier. The Yellowstone caldera has been a bit too quiet the last half million years as well.

        2. asdf

          Yeah the grid may be ok except for the short term but if it took out a good portion of the satellites including say GPS that might actually be more disruptive. I just know our susceptibility to EMP (what massive solar flare would basically be) is greater today than any time in the past. If we got hit by a Carrington level event I have a strong feeling that people won't be comparing its effects to that piddly blackout in 2003. Civilization ender no but without much recent historical precedent either.

  7. John 104
    Stop

    Stop Now

    Stop saying World-Sized Web. Now. Seriously. It's awful. We already have the World Wide Web, I think that is a sufficient descriptor.

  8. Graham Marsden

    "The problem is in the design..."

    Whilst I don't disagree with Bruce Schneier, when he says this and "People are fairly good at predicting where technology is going, but have a very poor record at predicting the knock-on social effects", surely the problem is that nobody knows (or *can* know) where this stuff is going.

    History is littered with innumerable examples of a technology with one purpose having a completely unexpected effect on something which you'd have thought was totally unconnected, yet, because of that effect, the world has changed.

    Yes, of course, we should design security and safety into such systems, but predicting what they may lead to is another matter entirely.

    1. Ole Juul

      Re: "The problem is in the design..."

      Yes indeed, history is littered with innumerable examples. So when Schneier says:

      For example, everyone understood that the invention of the car allowed humans to travel farther and faster than before, but no one predicted the rise of suburban living and the consequent issues that caused.

      he is not quite accurate. I've seen examples of high density (for the time) neighbourhoods constructed by developers just "outside" town because the bicycle made it attractive to live further out and work "downtown". It's not really a matter of examples, but rather the will to look at them.

    2. dan1980

      Re: "The problem is in the design..."

      Perhaps another point to note is that both governments and companies find panic a very useful tool to further their ends (increased powers/profile and profits respectively).

      History is also littered with governments and politicians that have created, amplified or seized panic (or all three) to obtain more control over the populace or to further their political aspiriations, as it is with companies that have done exactly the same to push a product.

      The recent Ebola meltdown in the US is a good example of both.

      Both sides exploited the scare to present themselves as tough and able to protect the people - for example the detestable detainment of a nurse by Chris Christie; to push their agendas - e.g. border control and immigration; or to simply bash their opponents - declaring, for instance, as the Dems did, that Rep cuts have harmed the CDC and make the US more vulnerable.

      On the commercial front, Lysol purchased the top ad-spot on Google for searches on 'Ebola' in order to hock its disinfectant products.

      1. Anonymous Coward
        Anonymous Coward

        Re: "The problem is in the design..."

        "The recent Ebola meltdown in the US is a good example of both."

        Have you any idea how dangerous ebola is? That really is one where you really, really cannot afford to rely on people doing the right thing.

        What makes it so dangerous is that the early symptoms play badly with people's innate belief that nothing bad is happening to them. They pass it off as 'it's just a cold'. But by then it's already too late and has been spread.

        Sadly you're correct about how some people seek to push their own agendas and commercial profits in such situations... We'd be much more impressed if politicians did the right thing.

        1. Nigel 11

          Re: "The problem is in the design..."

          Have you any idea how dangerous ebola is?

          And before that, SARS. The world has had two narrow escapes from global pandemic. Both diseases were insufficiently infectious to continue spreading once people were sufficiently informed and convinced to change their behaviour. In Africa, abandoning funeral and other rituals that might have been designed to spread Ebola. In Asia (SARS) avoiding body contact where unnecessary and wearing facemasks.

          When the next killer flu arrives, we won't be so lucky. Hundreds of millions will die, if medical science hasn't come up with an effective anti-viral or a fast way to make a vaccine by then.

        2. Alistair
          Windows

          Re: "The problem is in the design..."

          @ AC

          "Have you any idea how dangerous ebola is? That really is one where you really, really cannot afford to rely on people doing the right thing.

          From the CDC:

          "Direct contact means that body fluids (including but not limited to blood, saliva, mucus, vomit, urine, or feces) from an infected person (alive or dead) have touched someone’s eyes, nose, or mouth or an open cut, wound, or abrasion."

          As a contagion rate issue, it is not airborne, nor is it likely ever to become capable of airborne transmission, which drops the infection rate spectacularly.

          Furthermore, since it has such a *rapid* infection manifestation (less than 7 days*) and is typically sourced to bushmeat consumption in a *very* limited portion of the planet, and the symptomatology is well understood in that area of the planet, folks that are symptomatic generally aren't allowed on transport that would allow them to spread it far and wide.

          Measles is FAR worse as diseases go as it is airborne, has a contagion rate almost 70 times that of ebola, a longer infection manifestation (7 to 21 days), and as a result is capable of killing more people. Just thank the anti-vaccination crowd for *THAT* factor.

          Trust me, the ebola outbreak was a medical disaster, but it was in no way a threat to the western world. That panic was used as leverage for *political* issues, including right wing racial paranoia, accelerating the concept of 'terrorist threats' and at least two attempts to further restrict western world freedoms. The *only* advantage that came out of the panic was that there were resources freed up and applied to the situation that assisted in containment, investigation, and resolution of the overall outbreak, which would have lasted much longer without the additional resources.

    3. chivo243 Silver badge

      Re: "The problem is in the design..."

      "History is littered with innumerable examples of a technology with one purpose having a completely unexpected effect on something which you'd have thought was totally unconnected, yet, because of that effect, the world has changed.

      One example is a time saving device that was lauded as the greatest invention ever. However, there was a risk of death, but people and governments still embraced this technology. This technology kills thousands of people a year, but we're still using it.

      Would you like a lift in my automobile?

    4. Mark 65

      Re: "The problem is in the design..."

      Oh, I disagree with him here. We all know where this is going, 1984. The Government have no interest at all in preventing that as long as the tech oligarchs give them access to the data. If they don't then there'll be intervention. The only thing up for debate is the speed at which we arrive there. The only hope would be open source software, everyone else just wants bulk data collection whether it be from your computer, TV, fridge or light bulbs.

  9. Fazal Majid

    UL

    Government is not required for a solution. What we need is a digital version of Underwriters Laboratories, who do certification and safety checks for manufacturers, as do others like NSF or the TÜVs:

    https://en.wikipedia.org/wiki/Nationally_Recognized_Testing_Laboratories

    If IoT vendors cannot sell a product if it lacks a security mark from UL or others, they will get with the program.

    1. Doctor Syntax Silver badge

      Re: UL

      "What we need is a digital version of Underwriters Laboratories"

      You've got the right idea, but you're over-complicating it. Why have digital versions of existing laboratories? Why not just extend the scope of the ones we've got?

      1. Tomato42
        Boffin

        Re: UL

        because if you extend accounting auditors jobs to checking if IT procedures are followed you get Diginotar breach

        electronics and software is sufficiently apart that they shouldn't be under the same certification program

    2. Kurt Meyer

      Re: UL

      @Fazal Majid

      "Government is not required for a solution.

      Whose safety standards do Underwriters Laboratories, The NSF, or the TÜVs certify?

  10. Anonymous Coward
    Anonymous Coward

    "[...] the car allowed humans to travel farther and faster than before, but no one predicted the rise of suburban living"

    In the UK the exodus to the suburbs was long before cars became anything other than a novelty.

    It was horse-drawn, steam, and electric trams that made commuting possible for ordinary workers in the 19th century. The creation of Metroland was down to the suburban railways who set themselves up in house building to increase their passenger counts. Those affluent enough to buy houses in those new suburbs rarely had a car.

    Even in the 20th century cars did not become commonplace until the 1960s. Instead of creating suburbs - what was probably unpredicted was people commuting outside their local town or city. Grand designs of towns incorporating comfortable living and working areas have gradually been eroded with the loss of their industrial capacity.

    1. Naselus

      "what was probably unpredicted was people commuting outside their local town or city."

      Nope, even that had been foreseen. The rise of suburbia is mostly a direct (and intended) result of changes to planning laws to separate people out from the factories they worked in, because for some reason the government felt an average life expectancy of 27 for the working poor was a bad thing. Thankfully, the current government don't have such questionable motives. /sarcasm.

      1. Anonymous Coward
        Anonymous Coward

        "The rise of suburbia is mostly a direct (and intended) result of changes to planning laws to separate people out from the factories they worked in,"

        The UK town planning separation into residential, retail, and industrial zones was intended to keep people within a reasonably short distance of all three. A healthy combination. The UK exemplars were Bournville, Port Sunlight, Saltaire - and the later Garden Cities like Welwyn and Letchworth. The post-war "New Towns" like Harlow and Milton Keynes were all designed on that self-contained basis. The expectation was that walking, cycling, or public transport would be effective means of transport for those distances.

        It was not intended to create a large suburban sprawl with no local retail or industrial facilities.

        Local retail and industrial areas are now often almost derelict - and many are being converted to commuter residential stock. People have been forced to become more mobile in travelling outside their town to work and shop. A chicken and egg situation in many cases.

    2. Kurt Meyer

      "the exodus to the suburbs"

      @AC

      "In the UK" "in the 19th century"

      Try, if you can, to imagine a world beyond the UK in the 19th century.

      I haven't read his address to the conference, but I will wager that Schneier, an American, was making reference to automobile usage in the United States, in the 20th century, and the consequent "exodus to the suburbs".

  11. Gray
    Trollface

    Trump: It will be So Great!

    Just you wait and see. President Trump will make it So Great! that you won't believe it! Great, simply Great! And those who mess with the internet, they'll be in So Much Trouble! You won't believe how much trouble they'll be in! They'll be in so much trouble, you won't believe it!

    1. Anonymous Coward
      Anonymous Coward

      Re: Trump: It will be So Great!

      Good plan!

    2. Naselus

      Re: Trump: It will be So Great!

      The really terrifying thing is, with just this one post Gray has now overtaken all the Republican establishment candidates in the race for the nomination.

  12. dan1980

    "There are no easy answers to this, he said, but for a start we should concentrate on disconnecting key systems from each other and moving to more distributed, localized systems, and putting time limits on data storage."

    Less connectivity and less data?

    Right and this is going to be on the table for "policy makers and the technology industry" is it?

    Because neither of those groups utilise the current situation (lots of connectivity and lots of data) or wish to expand it even further, right?

    The way forward suggested, while correct in being the best course of action, is sadly the one that is least likely to happen given that the people who need to take charge (and indeed are, largely, in charge) have a particular interest in obtaining the opposite result to that which is desired by people like Schneier.

  13. Anonymous Coward
    Gimp

    History repeats itself

    "Traditionally we build complex systems like buildings and aircraft with a safety first principle. "

    Ahh bless: Tacoma Narrows Bridge, BAC Comet and funnily enough Millennium Bridge. Note the last is less than 20 years old. Sorry, buildings: the last one that collapsed with tragic consequences in a recent earthquake in Taiwan (?)

    Civ Eng and Aero Eng are much older than IT but despite that they also suffer from "bugs". The Millennium Bridge is my favourite example of a well funded, inexcusable fuck up. Resonance is pretty well understood these days and yet people getting into lockstep could shake a modern bridge.

    Apples are not oranges ...

    1. Naselus

      Re: History repeats itself

      Hey, he just said we build with a safety first principle. He didn't say we don't fuck it up from time to time.

    2. KeithR

      Re: History repeats itself

      "BAC Comet "

      That's a stupid example to (fail to) make your point with.

      It was designed in accordance with EVERY build, design and safety regulation extant at the time. It's just that - being the first of its kind - it overtook the knowledge state of the art.

      1. Anonymous Coward
        Anonymous Coward

        Re: History repeats itself

        "[...] it overtook the knowledge state of the art."

        The problem of stress concentrator cracks at square openings' corners had been discovered a few years before (ca 1943) when several early Liberty cargo ships broke in half in the North Atlantic. Built very quickly*** and economically from a modified existing design their hatches had sharp cornered cargo hatches in the deck.

        The tragedies were the result of several material and environmental factors combining - but the crucial effect of stress concentrators was only discovered by an investigation.

        https://en.wikipedia.org/wiki/Liberty_ship

        *** The build time was reduced from about 230 days to 42 days. For a publicity stunt the SS Robert E. Peary was launched 4 days and 15½ hours after the keel was laid (before fitting out).

      2. Anonymous Coward
        Anonymous Coward

        Re: History repeats itself

        I dunno, square openings on liberty ships / square ports on the Comet - fatique and stress risers, you know there could be a connection?

      3. Kernel

        Re: History repeats itself

        "That's a stupid example to (fail to) make your point with."

        You are so right there - the Nimrod, which was a modified Comet, served the RAF from 1970 until retired in 2010 and was a very highly regarded maritime patrol aircraft in its day - not the example I'd choose to illustrate failure.

        Have an up vote on me since a beer is probably not going to work.

        1. Vic

          Re: History repeats itself

          the Nimrod, which was a modified Comet, served the RAF from 1970 until retired in 2010 and was a very highly regarded maritime patrol aircraft in its day

          Highly-regarded by those who flew in it[1]. Not by those that had to operate it...

          The Nimrod programme was a major re-working of the Comet, including new (larger) wings. AIUI, they too great pains to measure up properly, then set about producing enough wings for the entire fleet. Only once they came to fit the second aircraft did they realise how much a hand-built aircraft can vary in dimension...

          Vic.

          [1] One member of our formation team is a former Nimrod captain. I'm not at all jealous, oh no...

      4. Vic

        Re: History repeats itself

        It was designed in accordance with EVERY build, design and safety regulation extant at the time.

        Ever regulation, perhaps, but it did make one significant mistake. It was only flown, during testing, by De Havilland's chief test pilot, who was a gifted pilot.

        The take-off crashes that occurred later are a result of less-knowledgeable and less-capable pilots being at the controls. This is not to attempt to blame them - they were flying the same way they flew everything else - it's just that the Comet was much pickier about take-off attitude. Because of John Cunningham's capabilitiy, that had never been observed during testing.

        Vic.

    3. Nigel 11

      Re: History repeats itself

      Resonance is pretty well understood these days and yet people getting into lockstep could shake a modern bridge.

      Except that the form of the resonance was different and new. It was well-known that people marching in lock-step might excite vertical resonances in a bridge. The millennium bridge was proof against that. What was not known was that a horizontal mode of vibration could cause people's gait to synchronize into a side-to-side pattern that further excited that particular mode of vibration. Which is what happened. Incidentally, subsequent modelling showed that the bridge could not realistically be excited to destruction. It was just bloody disconcerting for the pedestrians using it (and since that was not at the time understood, they played safe and completely closed the bridge).

      It was not an inexcusable cock-up. It was a new discovery for bridge engineers. Any new design always has the potential to bite back. Pre-construction simulations are only as good as their inputs, and in this case the input model of human beings was wrong.

    4. Alien8n

      Re: History repeats itself

      I recall being told when I was an engineer that a certain aviation company had an automated test. When auditing the test software it was found that one of the parameters being tested had a random number generator creating a number within spec as they didn't actually know how to measure the parameter, but as it had been measured previously it had been carried on with the new tests.

      The point was, once you start measuring CPK data there's no procedure for stopping measurements, regardless of how useless the measurement is. At the time we were measuring the temperature of plastic moulding compound. All well and good, until you realise it was being stored in a shed on the south wall of the building with a tin roof. There was no point in measuring the temperature as there was no way you could control the temperature within the shed.

      1. Anonymous Coward
        Anonymous Coward

        Re: History repeats itself

        "When auditing the test software it was found that one of the parameters being tested had a random number generator creating a number within spec [...]"

        When building a prototype 3rd generation mainframe the official test programming department studied the proposed design and produced tests for the limiting conditions.

        The System Test department had a more ad hoc approach - quickly writing a test program for every new failure that they diagnosed. They also produced a suite of tests that used random numbers. These tests often broke the machine in unexpected ways even though it could pass the official "limits" tests.

    5. Anonymous Coward
      Anonymous Coward

      Re: History repeats itself

      "Civ Eng and Aero Eng are much older than IT but despite that they also suffer from "bugs"."

      A few years ago a TV documentary tracked the planning and construction of a new skyscraper building. What was interesting was the number of decisions that had to be made on the fly during construction because they were using new materials or techniques. Reminded me of the software industry.

      Predictability in any area of life depends on what my economics friend was obliged to include in his degree essays as "caeteris paribus"***. It is the breach of underlying constraints - sometimes unknown but often just assumed - that causes the unexpected problems.

      *** "holding other things constant"

    6. Vinyl-Junkie
      Headmaster

      Re: History repeats itself

      That's the De Havilland Comet.

      De Havilland were absorbed into Hawker Siddeley which was later merged into BAe along with BAC.

      BAC were never involved with the Comet.

  14. Yes Me Silver badge
    Alert

    Scale

    "Defenders have to protect an entire system, where as an attacker only has to find one flaw to achieve their objective."

    Yes but... there are actually many more defenders than attackers, so defence scales. If that wasn't true we would already have passed through Armageddon.

    Not to say that there isn't a problem,of course.

    1. Anonymous Coward
      Anonymous Coward

      Re: Scale

      In what sense are there more defenders than attackers?

      The defenders are the minimum number of software engineers and sysadmins that the company can get away with, probably off-shored to the lowest-wage economy available. The attackers are every script-kiddie with access to a botnet, running their exploit scripts against the entire internet.

  15. cantankerous swineherd

    slow death of the internet speeds up a little.

    balkanisation the way forward?

  16. ecofeco Silver badge

    He's right

    Before safety practices became common, many people died.

    Many.

    It will be the same again. And has already had deadly consequences.

  17. MachDiamond Silver badge

    Regulating technology?

    Most politicians are attorneys (solicitors) and techno-numpites. To ask them to regulate "technology" is a bad idea as they would just be getting their head around AOL before the internet came along. I doubt that a majority of elected officials can type with more than 2 fingers.

    What they need to be looking into and creating legislation for is the security of the data that is maintained by businesses. If a company wants to harvest and sell personal data, that business might need to be certified and/or licensed in some way that guarantees the security they have in place is adequate and updated constantly. Any breeches would trigger fines payable to The Man® and to those whose information was leaked. Fines would apply to any breech and escalate depending on negligence of the company. This may keep undercapitalized firms from playing fast and loose in the Big Data market. Required insurance would add a level of scrutiny of safeguards put in place by insureds.

    How many firms would allow their employees to take a laptop full personal data to work on at home if the liability of a leak/loss could be a significant fraction of the company's worth?

    I would love to see some personal responsibility on the part of corporate execs. They get paid the big bucks, that should be balanced by some jail time if their company acts improperly.

    1. Lapun Mankimasta

      Re: Regulating technology?

      For a start we could have it explicitly acknowledged in legislation and made part of the human rights treaties that personal data is a personal possession and private property of the data's originator. And may only be used for the purposes beyond that for which it was collected, if that person gives fuly-informed permission in writing, with a legal representative's witnessing. And the written permission and the application for use must be in words and expressions fully understood in their entirety by the data's originator.

      1. Charles 9

        Re: Regulating technology?

        Won't that just result in businesses requiring memberships before you can do business with them (which allows them to deal with the personal information bit right away) and result in "signature fatigue"?

        As for the legibility part, that may be difficult for foreigners, illiterates, and the true idiots who nonetheless need to be able to eke out a living, unless you want to use the Spartan Solution.

    2. KeithR

      Re: Regulating technology?

      "Most politicians are attorneys (solicitors)"

      Well that's just self-evidently not true, is it?

  18. Brian Miller

    But too many devs don't give a s***

    Last year I quit a company where the developers, literally, did not care about security or testing their software. Yes, testing and security was met with a literal sneer. And that was at a major retailer, where the team was writing web APIs!

    So in this regard, Bruce is dreaming. Developers need to give a s*** on a personal level, and I honestly think that the majority don't care. Governments can legislate what they like, but I don't see anything that is going to cause sloppy developers to sit up and sharpen up their game.

    1. werdsmith Silver badge

      Re: But too many devs don't give a s***

      Developers doing what they like sounds like a management problem.

      Give the developers a properly designed specification that includes the security requirements and test it to meet that spec, and get some proper pen testers after it too. If it all gets owned in the testing then make the devs accountable.

      1. Sir Runcible Spoon
        FAIL

        Re: But too many devs don't give a s***

        The opposite can also be true.

        Take, for example, the situation where the person designing the security of an environment is trying to do all the right things, because it's an important environment, yet their boss is quite nonchalant about implementing solutions whilst dressed like Ronnie Regan before he became president.

        Sometimes the you *can't* do the right thing.

      2. Vic

        Re: But too many devs don't give a s***

        Developers doing what they like sounds like a management problem.

        Of course.

        But if you have that management problem - and it is really quite common - the only people who can sort it out are that same management. Which means management necessarily gets captured by the corner-cutters, since they provide "cheaper"[1] development. Over time, the only way in to make a difference is to become one of them...

        I worked for a large organisation a few years back. When I demonstrated that their entire development was based on criminal activity - and that I had a fairly simple solution to put it right - their initial reaction was to try to push me out the door...

        Vic.

        [1] It's not cheaper, of course - you always pay a premium for poor quality further down the line. But if you're only looking one sprint ahead, it looks cheaper not to do the testing.

  19. gnufrontier

    Too little too late is the theme of all history

    Humans have been sleepwalking into the future for as long as time has been a concept in consciousness. We have no choice in that matter. The future does not exist.

    There are certainly going to be some major problems that are the result of our being so interconnected and there will be major panics.

    We will respond to those after the fact. It has never been any different.

  20. Anonymous Coward
    Anonymous Coward

    ".... for a start we should concentrate on disconnecting key systems from each other and moving to more distributed, localised systems, and putting time limits on data storage."

    ... or else Skynet will take over and you will never be able to delete your porn history.

    There will always be the good guys and bad guys. The Internet or IoT is just the latest and popular battle field. There will be hiccups but eventually we'll arrive at a level of safety in for mankind to prevail.

    The next battlefield might be your DNA, or whoever gets the biggest part of Antarctica or Mars.

    And there will be opinions...

    I see IoT as an opportunity, the next level of industrialisation, to achieve efficiencies and take mankind to the next level, just like the Internet did.

    I;d personally love to see Ian M Banks ideas come true. Compassionate AI that is better at managing resources than corrupt humans.... That'll be scary (to politicians and people in power)...

  21. Anonymous Coward
    Boffin

    Then again...

    100 years ago, his sort were demanding a man with a red-flag walks in front of every 'horseless carriage' because people couldn't breath at speeds of more than 5mph

    1. Sir Runcible Spoon
      WTF?

      Re: Then again...

      "his sort"

      Seriously?

  22. Anonymous Coward
    Anonymous Coward

    The Solution is simple

    Let go Cloud!

    /s

  23. Tony S

    "Defenders have to protect an entire system, where as an attacker only has to find one flaw to achieve their objective."

    Unfortunately, this misses a key issue. That there are a lot of people that should be on the side of the defenders, producing secure systems; but are in fact doing a half arsed job. Although those people are not on the side of the attackers, they are effectively supporting attackers.

    For example, there is a situation where some programmers have hard-coded something into a system that makes it very easy for an outsider to gain access to an internal system through a device that is outside of that system. When I queried this, they were clearly oblivious to any thoughts that it might not a good idea from an overall view, just that it was a convenient way of fudging something to make it work. The chances of getting this changed? Zero. So for the next 10 years, this system will be a back door that allows access to all sorts of important data.

  24. PaulAb

    OH! God

    "The world-sized web will change everything," he said. "It will cause more real-world consequences, has fewer off switches, and gives more power to the powerful.

    As we seem to have entered a period where Morons earn huge sums, and also celebrity is power,

    does this mean we should be suspicious of Joey Essex and Posh and Becks!

    All hail our new masters!

  25. Anonymous Coward
    Anonymous Coward

    current explosion of internet-of-things devices

    you mean those exploding multi-coloured light bulbs? Cause I see no other explosion of "internet-of-things devices"...

  26. wtpayne

    The cost of applying known and understood engineering best-practices is prohibitive.

    Standards for developing secure high-integrity systems have existed for many years.

    Part of the problem is the exorbitant cost of adopting those standards - both in terms of process compliance, and also in terms of the cost of developing the requisite tooling.

    My side project: to develop an open-source integration of freely-available tools that helps to make it easier to apply better engineering processes out of the gate (Requirements Management, Model Based Development, Simulation, Parameter optimisation & testing) - specifically tailored to distributed sensor systems. (i.e. systems that involve both embedded sensor devices and a web-service style back-end handing data analysis and management).

    I'd love to make it a full-time project.

  27. The Bowman's Daughter

    Internet-off switch

    An idea I've been pushing for a while is that all connectable devices should have an "internet-off" switch.

    They must still be able to carry out their core-function - wash clothes, switch the heating on, record security footage - without a web connection or the latest software release (unless their core function IS being a communications device, obviously).

    The switch must be hard-wired and disconnect the comms circuitry (like the current airplane mode in laptops), to prevent Blackberry-type wake-ups.

    And the switch must be external and discoverable. Aunty Mabel doesn't want spend her days downloading and trying to understand software instructions, when she never wanted a "smart" washing machine anyway but now can't buy any other sort (and anyway she had it second hand from her neighbour, who doesn't have the password as his daughter set it up).

    An off-switch is no silver bullet. But will be essential when all household goods are connectable, and manufacturers stop supporting the security on your washing machine after 2 years cos it's old now, innit?

    Will need to be a legal requirement for sale in the UK (or country of your choice), otherwise manufacturers won't bother.

    1. Charles 9

      Re: Internet-off switch

      You know the OPPOSITE will happen instead. They'll make the phoning home a core prerequisite function that breaks the whole device (and voids the warranty) if ever tampered with. ALL the manufacturers will then act in cartel so that a reversal can't be made without banning every single device and manufacturer capable of selling there.

      1. The Bowman's Daughter

        Re: Internet-off switch

        Yep. That and the data harvesting to flog to advertisers...

        I just want to wash my undies, ta, not tell the world about it.

    2. Nigel 11

      Re: Internet-off switch

      Er ... just don't plug in the network connection or let it know your WiFi password?

      If it's a fridge, washing machine, etc. or even a TV, and it does not say in large letters on the box CANNOT BE USED WITHOUT AN INTERNET CONNECTION, then you will be completely within your rights to reject it as unfit for purpose if it doesn't work disconnected.

      And if it does say that a connection is required, just don't buy that one.

      There are still a fair percentage of houses in the UK that cannot have an internet connection (well, apart from a dial-up modem) because BT does not have any incentive to connect them to broadband.

      BTW routers are now so cheap that it's hardly a major expense to plug a second router into your primary one to connect doubtful IoT things to. The resulting double-NAT is also some degree of added security, if the routers are anything like secure. But I've yet to see any IoT thing worth having.

      1. The Bowman's Daughter

        Re: Internet-off switch

        Buying goods without connectivity will become harder and harder.

        And relying on a device not trying to connect with your neighbour's unsecured WiFi really isn't enough. Especially for Aunty Mabel (who frankly is often me) who neither knows nor cares about networks and just wants to put a wash on.

        It's one thing deliberately introducing connected devices to your house, because your personal cost-benefit analysis is that to you they're worth the extra work in constantly updating and securing.

        It's completely another if someone doesn't see a benefit from the connectivity, and can't or doesn't wish to devote time to its security.

      2. Charles 9

        Re: Internet-off switch

        "Er ... just don't plug in the network connection or let it know your WiFi password?"

        Ever heard of a Whispernet? It can work without your intervention.

        "And if it does say that a connection is required, just don't buy that one."

        Until you find out they ALL say that, meaning you're in a Take It Or Leave It situation. And don't count on used ones being available. Odds are they'll get scrapped at every opportunity.

  28. Seajay#
    WTF?

    "more distributed, localized systems"

    What is a distributed, localized system? aren't they opposites?

    1. Charles 9

      Re: "more distributed, localized systems"

      I think they mean it like "decentralized," meaning there's no single go-to point for these systems. Many of them can operate as local gathering points, and then they seek out other ones and collaborate peer-to-peer style.

  29. BlokeInTejas

    Sigh

    "But software isn't like that. Instead you code fast and hard and then fix things when problems crop up. "

    Nope; that's not basic; that's just what people do today.

    Wait for the first billion dollar/billon euro successful lawsuit which guts somebody quite large (have to be large to pay that) for having defective software. Car manufacturers come to mind.

    Habits will change when there's money at risk, not before.

    1. Charles 9

      Re: Sigh

      Nah, it'll have to be bigger than that. At billion-dollar levels, they'll just hire better lawyers to get it thrown out on appeal or just bribe the governments to look the other way. No, it would have to take literally state-threatening levels of f-ing up (meaning a country loses a war or risks getting overrun, bankrupted, or otherwise suffers threat of sovereignty because of it). And because of the way corporations and the like work, good luck getting actual people locked up. Either the corporate structure will shield them, or at worst they'll get knocked down to a lesser charge with carrots and sticks.

  30. Anonymous Coward
    Angel

    Experts

    It isnt that difficult you pay experts in the field to make suggestions on policy and then you actually listen to them. Mistakes will be made but just perhaps fewer than otherwise?

    1. Charles 9

      Re: Experts

      Part of the prerequisite for being a politician is the self-perception that you know EVERYTHING so that you don't have to consult experts.

      1. Anonymous Coward
        Anonymous Coward

        Re: Experts

        "Part of the prerequisite for being a politician is the self-perception that you know EVERYTHING so that you don't have to consult experts."

        A politician will always solicit views from sources that they believe will agree with them. Otherwise they just quietly ignore what is said as being irrelevant.

  31. jimdandy

    Very pithy comments. A nice wide range of opinions and some cogent discussion with relevant historical references.

    So what y'all gonna do about it?

  32. JDEvolutionist

    It Won't be Easy and It's Not Because We Are Dumb

    We all discuss and argue about everything continuously, mostly without ever achieving a great deal - the media are a personification of this; in reality things actually get done in spite of all the waffle and as a result of the evolutionary process of adaptation to prevailing condition, the condition of existence. We, as humans, can and do influence this process but cannot pre-determine its outcome.

    It is not because we are dumb (stupid) but our thinking is inevitably prone to significant error because we are never in possession of all the facts and even if we were, actually an impossibility, we would never be able to process all the information correctly. This is fundamentally due to the inherent nature of our interface with reality that is inescapably based on a process of interpretation of representative sensation.

    Bruce Schneier is right to the extent that the situation is dire and he is right in trying to promote awareness of the problem but unfortunately the exponential nature of the advance in knowledge, information and technology, all key components in the wholeness of existence, means that it is beyond the capabilities of living entities to structure an appropriate and effective plan for its future control and the security that it requires.

    The future is becoming increasing rapidly (exponentially) less predictable and progressively more uncertain. A reality that increasing diminishes our ability to constructively influence the future, the process of evolution. Oh, dear!!

  33. RTP

    Your right, nobody gets it.

    A first step might be to force companies to ask permission periodically or destroy personal information that they have collected. Once a year seems appropriate to me.

  34. Inachu

    This is where AI could come in handy.

    Once true AI has been achieved then the AI unit can self teach future threats to prevent and plug any security holes that may happen.

    Imagine an AI unit to move faster than any human hacker ever could.

  35. Infostack

    Time to rethink incentives and settlements

    The IP stack lacks settlements. Therefore it lacks a coordinated way for price signals to act as incentives and disincentives. As well, without value conveyance (from core and top to edge and bottom) there is no sustainable "inter-network" effect.

    Digital networks will require us to reassess our thinking of socio-economic institutions and winner takes all of a capitalistic, analog world. We've come a long way in 30 years, but still have much to learn and understand.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like